Skip to main content

Fortinac

14 CVEs product

Monthly

CVE-2023-33300 MEDIUM This Month

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortinac
NVD
CVSS 3.1
5.3
EPSS
3.9%
CVE-2024-31488 CRITICAL Act Now

An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinac
NVD
CVSS 3.1
9.0
EPSS
1.0%
CVE-2023-33299 CRITICAL Act Now

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Deserialization Fortinac
NVD
CVSS 3.1
9.8
EPSS
24.3%
CVE-2023-22633 HIGH This Week

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Fortinac Fortinac F
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26203 HIGH This Week

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinac Fortinac F
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22637 CRITICAL Act Now

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Fortinac Fortinac F
NVD
CVSS 3.1
9.0
EPSS
0.6%
CVE-2023-22638 MEDIUM PATCH This Month

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fortinac
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-26117 HIGH PATCH This Week

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Brute Force Information Disclosure Fortinac
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-26116 HIGH This Week

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fortinac
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-43065 HIGH POC This Week

A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Information Disclosure Fortinac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41021 MEDIUM PATCH This Month

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Fortinac
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-24011 HIGH This Week

A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinac
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2020-12816 MEDIUM This Month

An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinac
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-5594 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortinac
NVD
CVSS 3.0
6.1
EPSS
0.7%
EPSS 4% CVSS 5.3
MEDIUM This Month

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortinac
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortinac
NVD
EPSS 24% CVSS 9.8
CRITICAL Act Now

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Deserialization Fortinac
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Fortinac Fortinac F
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortinac Fortinac F
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Fortinac +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fortinac
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Brute Force Information Disclosure Fortinac
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fortinac
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Fortinet Information Disclosure Fortinac
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Fortinac
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A privilege escalation vulnerability in FortiNAC version below 8.8.2 may allow an admin user to escalate the privileges to root by abusing the sudo privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinac
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinac
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet XSS Fortinac
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy